";
}
function mysql_die($error = "") {
global $strError,$strSQLQuery, $strMySQLSaid, $strBack, $sql_query;
echo " $strError ";
if(isset($sql_query) && !empty($sql_query))
{
echo "$strSQLQuery:
$sql_query
";
}
if(empty($error))
echo $strMySQLSaid.mysql_error();
else
echo $strMySQLSaid.$error;
echo "\n
$strBack";
include("footer.inc.php3");
exit;
}
function auth() {
global $cfgServer, $strAccessDenied, $strWrongUser;
//$PHP_AUTH_USER = ""; // No need to do this since err 401 allready clears that var
Header("status: 401 Unauthorized");
Header("HTTP/1.0 401 Unauthorized");
Header("WWW-authenticate: basic realm=\"phpMySQLAdmin on ".$cfgServer['host']."\"");
echo "
".$strAccessDenied."\n";
echo "
".$strWrongUser."
\n";
echo "";
exit;
}
// Use mysql_connect() or mysql_pconnect()?
$connect_func = ($cfgPersistentConnections) ? "mysql_pconnect" : "mysql_connect";
$dblist = array();
reset($cfgServers);
while(list($key, $val) = each($cfgServers)) {
// Don't use servers with no hostname
if (empty($val['host'])) {
unset($cfgServers[$key]);
}
}
if(empty($server) || !isset($cfgServers[$server]) || !is_array($cfgServers[$server]))
$server = $cfgServerDefault;
if($server == 0) {
// If no server is selected, make sure that $cfgServer is empty
// (so that nothing will work), and skip server authentication.
// We do NOT exit here, but continue on without logging into
// any server. This way, the welcome page will still come up
// (with no server info) and present a choice of servers in the
// case that there are multiple servers and '$cfgServerDefault = 0'
// is set.
$cfgServer = array();
} else {
// Otherwise, set up $cfgServer and do the usual login stuff.
$cfgServer = $cfgServers[$server];
if(isset($cfgServer['only_db']) && !empty($cfgServer['only_db']))
$dblist[] = $cfgServer['only_db'];
if($cfgServer['adv_auth']) {
if (empty($PHP_AUTH_USER) && isset($REMOTE_USER))
$PHP_AUTH_USER=$REMOTE_USER;
if(empty($PHP_AUTH_PW) && isset($REMOTE_PASSWORD))
$PHP_AUTH_PW=$REMOTE_PASSWORD;
if(!isset($old_usr)) {
if(empty($PHP_AUTH_USER)) {
$AUTH=TRUE;
} else {
$AUTH=FALSE;
}
} else {
if($old_usr==$PHP_AUTH_USER) {
// force user to enter a different username
$AUTH=TRUE;
unset($old_usr);
} else {
$AUTH=FALSE;
}
}
if($AUTH) {
auth();
} else {
if(empty($cfgServer['port'])) {
$dbh = $connect_func($cfgServer['host'],$cfgServer['stduser'],$cfgServer['stdpass']) or mysql_die();
} else {
$dbh = $connect_func($cfgServer['host'].":".$cfgServer['port'],$cfgServer['stduser'],$cfgServer['stdpass']) or mysql_die();
}
$PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = addslashes($PHP_AUTH_PW);
$rs = mysql_db_query("mysql", "SELECT User, Password, Select_priv FROM user where User = '$PHP_AUTH_USER' AND Password = PASSWORD('$PHP_AUTH_PW')", $dbh) or mysql_die();
if(@mysql_numrows($rs) <= 0) {
auth();
} else {
$row = mysql_fetch_array($rs);
if ($row["Select_priv"] != "Y") {
//correction uva 19991215 ---------------------------
//previous code assumed database "mysql" admin table "db"
//column "db" contains literal name of user database, and
//works if so. mysql usage generally (and uva usage
//specifically) allows this column to contain regular
//expressions. (we have all databases owned by a given
//student/faculty/staff beginning with user i.d. and
//governed by default by a single set of privileges with
//regular expression as key. this breaks previous code.
//this maintenance is to fix code to work correctly for
//regular expressions.
//begin correction uva 19991215 pt. 1 ---------------------------
//add "DISTINCT" to next line: need single row only
$rs = mysql_db_query("mysql", "SELECT DISTINCT Db FROM db WHERE Select_priv = 'Y' AND User = '$PHP_AUTH_USER'") or mysql_die();
//end correction uva 19991215 pt. 1 -----------------------------
if (@mysql_numrows($rs) <= 0) {
$rs = mysql_db_query("mysql", "SELECT Db FROM tables_priv WHERE Table_priv like '%Select%' AND User = '$PHP_AUTH_USER'") or mysql_die();
if (@mysql_numrows($rs) <= 0) {
auth();
} else {
while ($row = mysql_fetch_array($rs))
$dblist[] = $row["Db"];
}
} else {
//begin correction uva 19991215 pt. 2 ---------------------------
//see pt. 1, above, for description of change
$uva_mydbs = array(); // will use as associative array
//of the following 2 code lines,
// the 1st is the only line intact from before correction, pt. 2
// the 2nd replaces $dblist[] = $row["Db"];
//code following those 2 lines in correction, pt. 2, continues
//populating $dblist[], as previous code did. but it is
//now populated with actual database names instead of with
//regular expressions.
while($row = mysql_fetch_array($rs)) {
$uva_mydbs[ $row["Db"] ] = 1;
}
$uva_alldbs = mysql_list_dbs();
while($uva_row = mysql_fetch_array($uva_alldbs)) {
$uva_db = $uva_row[0];
if (isset($uva_mydbs[$uva_db]) && 1 == $uva_mydbs[$uva_db]) {
$dblist[] = $uva_db;
$uva_mydbs[$uva_db] = 0;
} else {
reset($uva_mydbs);
while (list($uva_matchpattern,$uva_value) = each($uva_mydbs)) {
$uva_regex = ereg_replace("%",".+",$uva_matchpattern);
// fixed db name matching 2000-08-28 Benjamin Gandon
if(ereg("^".$uva_regex."$",$uva_db)) {
$dblist[] = $uva_db;
break;
}
}
}
}
//end correction uva 19991215 pt. 2 -----------------------------
}
}
}
}
$cfgServer['user']=$PHP_AUTH_USER;
$cfgServer['password']=$PHP_AUTH_PW;
}
if (empty($cfgServer['port'])) {
$link = $connect_func($cfgServer['host'], $cfgServer['user'], $cfgServer['password']) or mysql_die();
} else {
$link = $connect_func($cfgServer['host'].":".$cfgServer['port'], $cfgServer['user'], $cfgServer['password']) or mysql_die();
}
$result = mysql_query("SELECT VERSION() AS version") or mysql_die();
$row = mysql_fetch_array($result);
define("MYSQL_MAJOR_VERSION", substr($row["version"], 0, 4));
//BEGIN - Additional Version Info - 2 May 2001 - Robbat2
define("MYSQL_MINOR_VERSION", substr($row["version"], 5)); //skip the .
//END - Additional Version Info - 2 May 2001 - Robbat2
}
// -----------------------------------------------------------------
function display_table ($dt_result) {
global $cfgBorder, $cfgBgcolorOne, $cfgBgcolorTwo, $cfgMaxRows, $pos;
global $server, $lang, $db, $table, $sql_query, $sql_order, $cfgOrder, $cfgShowBlob;
global $goto, $strShowingRecords, $strSelectNumRows, $SelectNumRows;
global $strTotal, $strEdit, $strPrevious, $strNext, $strDelete, $strDeleted;
global $strPos1, $strEnd, $sessionMaxRows, $strGo, $strShow, $strRowsFrom;
global $cfgModifyDeleteAtLeft, $cfgModifyDeleteAtRight;
$cfgMaxRows = isset($sessionMaxRows) ? $sessionMaxRows : $cfgMaxRows;
$sessionMaxRows = isset($sessionMaxRows) ? $sessionMaxRows : $cfgMaxRows;
load_javascript();
$primary = false;
if(!empty($table) && !empty($db)) {
$result = mysql_db_query($db, "SELECT COUNT(*) as total FROM $table") or mysql_die();
$row = mysql_fetch_array($result);
$total = $row["total"];
}
if(!isset($pos))
$pos = 0;
$pos_next = $pos + $cfgMaxRows;
$pos_prev = $pos - $cfgMaxRows;
if(isset($total) && $total>1) {
if(isset($SelectNumRows) && $SelectNumRows!=$total)
$selectstring = ", $SelectNumRows $strSelectNumRows";
else
$selectstring = "";
$se = isset($se) ? $se : "";
$lastShownRec = $pos_next - 1;
show_message("$strShowingRecords $pos - $lastShownRec ($se$total $strTotal$selectstring)");
} else {
show_message($GLOBALS["strSQLQuery"]);
}
?>
table;
mysql_field_seek($dt_result, 0);
show_table_navigation($pos_next, $pos_prev, $dt_result);
?>
| \n";
}
while($field = mysql_fetch_field($dt_result))
{
if(@mysql_num_rows($dt_result)>1)
{
$sort_order=urlencode(" order by $field->name $cfgOrder");
echo "";
if(!eregi("SHOW VARIABLES|SHOW PROCESSLIST|SHOW STATUS", $sql_query))
echo "";
echo $field->name;
if(!eregi("SHOW VARIABLES|SHOW PROCESSLIST|SHOW STATUS", $sql_query))
echo "";
echo " | \n";
}
else
{
echo "$field->name | ";
}
$table = $field->table;
}
echo "
\n";
$foo = 0;
while($row = mysql_fetch_row($dt_result))
{
$primary_key = "";
//begin correction uva 19991216 ---------------------------
//previous code assumed that all tables have keys, specifically
//that only the phpMyAdmin GUI should support row delete/edit
//only for such tables. although always using keys is arguably
//the prescribed way of defining a relational table, it is not
//required. this will in particular be violated by the novice. we
//want to encourage phpMyAdmin usage by such novices. so the code
//below has been changed to conditionally work as before when the
//table being displayed has one or more keys; but to display delete/edit
//options correctly for tables without keys.
//begin correction uva 19991216 pt. 1 ---------------------------
$uva_nonprimary_condition = "";
//end correction uva 19991216 pt. 1 -----------------------------
$bgcolor = $cfgBgcolorOne;
$foo % 2 ? 0: $bgcolor = $cfgBgcolorTwo;
echo "";
for($i=0; $inumeric == 1) {
if($sql_query == "SHOW PROCESSLIST")
$Id = $row[$i];
}
if($primary->primary_key > 0)
$primary_key .= " $primary->name = '".addslashes($row[$i])."' AND";
//begin correction uva 19991216 pt. 2 ---------------------------
//see pt. 1, above, for description of change
$uva_nonprimary_condition .= " $primary->name = '".addslashes($row[$i])."' AND";
//end correction uva 19991216 pt. 2 -----------------------------
}
//begin correction uva 19991216 pt. 3 ---------------------------
//see pt. 1, above, for description of change
//prefer primary keys for condition, but use conjunction of
//all values if no primary key
if($primary_key) //use differently and include else
$uva_condition = $primary_key;
else
$uva_condition = $uva_nonprimary_condition;
// { code no longer conditional on $primary_key
// $primary_key replaced with $uva_condition below
$uva_condition = urlencode(ereg_replace("AND$", "", $uva_condition));
$query = "server=$server&lang=$lang&db=$db&table=$table&pos=$pos";
$goto = (isset($goto) && !empty($goto) && empty($GLOBALS["QUERY_STRING"])) ? $goto : "sql.php3";
$edit_url = "tbl_change.php3";
$edit_url .= "?primary_key=$uva_condition";
$edit_url .= "&$query";
$edit_url .= "&sql_query=".urlencode($sql_query);
$edit_url .= "&goto=$goto";
// Chistian Schmidt suggest added in $delete_url 2000-08-24
$delete_url = "sql.php3";
$delete_url .= "?sql_query=".urlencode("DELETE FROM $table WHERE ").$uva_condition;
$delete_url .= "&$query";
$delete_url .= "&goto=sql.php3".urlencode("?$query&goto=tbl_properties.php3&sql_query=".urlencode($sql_query)."&zero_rows=".urlencode($strDeleted));
if($cfgModifyDeleteAtLeft) {
echo "| ".$strEdit." | ";
echo "".$strDelete." | ";
}
// } code no longer condition on $primary_key
//end correction uva 19991216 pt. 3 -----------------------------
if($sql_query == "SHOW PROCESSLIST")
echo "KILL | \n";
//possibility to have the modify/delete button on the left added
// 2000-08-29
for($i=0; $inumeric == 1) {
echo " $row[$i] | \n";
} elseif($cfgShowBlob == false && eregi("BLOB", $primary->type)) {
echo " [BLOB] | \n";
} else {
echo " ".htmlspecialchars($row[$i])." | \n";
}
}
if($cfgModifyDeleteAtRight) {
echo "".$strEdit." | ";
echo "".$strDelete." | ";
}
echo "
\n";
$foo++;
}
echo "
\n";
show_table_navigation($pos_next, $pos_prev, $dt_result);
}//display_table
// Return $table's CREATE definition
// Returns a string containing the CREATE statement on success
function get_table_def($db, $table, $crlf)
{
global $drop;
$schema_create = "";
if(!empty($drop))
$schema_create .= "DROP TABLE IF EXISTS $table;$crlf";
$schema_create .= "CREATE TABLE $table ($crlf";
$result = mysql_db_query($db, "SHOW FIELDS FROM $table") or mysql_die();
while($row = mysql_fetch_array($result))
{
$schema_create .= " $row[Field] $row[Type]";
if(isset($row["Default"]) && (!empty($row["Default"]) || $row["Default"] == "0"))
$schema_create .= " DEFAULT '$row[Default]'";
if($row["Null"] != "YES")
$schema_create .= " NOT NULL";
if($row["Extra"] != "")
$schema_create .= " $row[Extra]";
$schema_create .= ",$crlf";
}
$schema_create = ereg_replace(",".$crlf."$", "", $schema_create);
$result = mysql_db_query($db, "SHOW KEYS FROM $table") or mysql_die();
while($row = mysql_fetch_array($result))
{
$kname=$row['Key_name'];
if(($kname != "PRIMARY") && ($row['Non_unique'] == 0))
$kname="UNIQUE|$kname";
if(!isset($index[$kname]))
$index[$kname] = array();
$index[$kname][] = $row['Column_name'];
}
while(list($x, $columns) = @each($index))
{
$schema_create .= ",$crlf";
if($x == "PRIMARY")
$schema_create .= " PRIMARY KEY (" . implode($columns, ", ") . ")";
elseif (substr($x,0,6) == "UNIQUE")
$schema_create .= " UNIQUE ".substr($x,7)." (" . implode($columns, ", ") . ")";
else
$schema_create .= " KEY $x (" . implode($columns, ", ") . ")";
}
$schema_create .= "$crlf)";
if(get_magic_quotes_gpc()) {
return (stripslashes($schema_create));
} else {
return ($schema_create);
}
}
// Get the content of $table as a series of INSERT statements.
// After every row, a custom callback function $handler gets called.
// $handler must accept one parameter ($sql_insert);
function get_table_content($db, $table, $handler)
{
$result = mysql_db_query($db, "SELECT * FROM $table") or mysql_die();
$i = 0;
while($row = mysql_fetch_row($result))
{
set_time_limit(60); // HaRa
$table_list = "(";
for($j=0; $j$strDocu]");
}
function show_message($message) {
if(!empty($GLOBALS['reload']) && ($GLOBALS['reload'] == "true"))
{
// Reload the navigation frame via JavaScript
?>
|
|
", nl2br($GLOBALS['sql_query']);
if (isset($GLOBALS["sql_order"])) echo " $GLOBALS[sql_order]";
if (isset($GLOBALS["pos"])) echo " LIMIT $GLOBALS[pos], $GLOBALS[cfgMaxRows]";?>
|